From a6b7011952ddb7fd56eba4ce315933d2916344a7 Mon Sep 17 00:00:00 2001 From: Zhiwei Yin Date: Thu, 26 Sep 2024 08:42:51 +0000 Subject: [PATCH] update sync chart from ACM operotar repo 
Signed-off-by: Zhiwei Yin --- Makefile | 8 ++ ...ster.openshift.io_multiclusterengines.yaml | 8 +- e2e/mce-chart/templates/clusterrole.yaml | 1 + hack/e2e.sh | 2 +- hack/update.sh | 63 ++++++++-- policy/charts/cluster-lifecycle/Chart.yaml | 5 +- ....yaml => klusterlet-addon-deployment.yaml} | 118 +++++++++++------- ...errole.yaml => klusterlet-addon-role.yaml} | 2 + ...aml => klusterlet-addon-role_binding.yaml} | 4 +- ... => klusterlet-addon-service_account.yaml} | 0 policy/charts/cluster-lifecycle/values.yaml | 14 ++- policy/charts/grc/Chart.yaml | 12 +- .../charts/grc/templates/grc-clusterrole.yaml | 15 ++- .../grc/templates/grc-clusterrolebinding.yaml | 18 +-- ...yaml => grc-policy-addon-clusterrole.yaml} | 0 ... grc-policy-addon-clusterrolebinding.yaml} | 0 .../grc/templates/grc-policy-addon-role.yaml | 2 + .../grc-policy-addon-rolebinding.yaml | 11 +- .../grc/templates/grc-policy-addon-sa.yaml | 6 + policy/charts/grc/templates/grc-role.yaml | 4 + .../charts/grc/templates/grc-rolebinding.yaml | 13 +- policy/charts/grc/templates/grc-sa.yaml | 6 +- policy/charts/grc/values.yaml | 16 ++- ...uster-management.io_placementbindings.yaml | 2 +- ...y.open-cluster-management.io_policies.yaml | 2 +- ...uster-management.io_policyautomations.yaml | 3 +- ...open-cluster-management.io_policysets.yaml | 2 +- policy/values.yaml | 2 +- 28 files changed, 237 insertions(+), 102 deletions(-) rename policy/charts/cluster-lifecycle/templates/{deployment.yaml => klusterlet-addon-deployment.yaml} (52%) rename policy/charts/cluster-lifecycle/templates/{clusterrole.yaml => klusterlet-addon-role.yaml} (96%) rename policy/charts/cluster-lifecycle/templates/{clusterrolebinding.yaml => klusterlet-addon-role_binding.yaml} (81%) rename policy/charts/cluster-lifecycle/templates/{serviceaccount.yaml => klusterlet-addon-service_account.yaml} (100%) rename policy/charts/grc/templates/{policyaddon-clusterrole.yaml => grc-policy-addon-clusterrole.yaml} (100%) rename 
policy/charts/grc/templates/{policyaddon-clusterrolebinding.yaml => grc-policy-addon-clusterrolebinding.yaml} (100%) diff --git a/Makefile b/Makefile index 85a76e6..ce65aaa 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,12 @@ export ACM_VERSION?=2.12 +export MCE_VERSION?=2.7 + +SED_CMD:=sed +ifeq ($(GOHOSTOS),darwin) + SED_CMD:=gsed +endif + +export SED=$(SED_CMD) HELM?=_output/bin/helm HELM_VERSION?=v3.14.0 diff --git a/e2e/mce-chart/crds/multicluster.openshift.io_multiclusterengines.yaml b/e2e/mce-chart/crds/multicluster.openshift.io_multiclusterengines.yaml index 9156ccc..72d05af 100644 --- a/e2e/mce-chart/crds/multicluster.openshift.io_multiclusterengines.yaml +++ b/e2e/mce-chart/crds/multicluster.openshift.io_multiclusterengines.yaml @@ -1,9 +1,9 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null name: multiclusterengines.multicluster.openshift.io spec: group: multicluster.openshift.io @@ -284,9 +284,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null \ No newline at end of file diff --git a/e2e/mce-chart/templates/clusterrole.yaml b/e2e/mce-chart/templates/clusterrole.yaml index b49c073..451877e 100644 --- a/e2e/mce-chart/templates/clusterrole.yaml +++ b/e2e/mce-chart/templates/clusterrole.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/hack/e2e.sh b/hack/e2e.sh index 91e9153..3769c32 100755 --- a/hack/e2e.sh +++ b/hack/e2e.sh @@ -29,7 +29,7 @@ function waitForReady() { break fi - echo "failed, expected $rst, but got $result, re-try after 5 seconds." + echo "expected $rst, but got $result, re-try after 5 seconds..." sleep 5 (( SECOND = SECOND + 5 )) done diff --git a/hack/update.sh b/hack/update.sh index 4a7be4d..b16f02f 100755 --- a/hack/update.sh +++ b/hack/update.sh 
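Review bot: `GOHOSTOS` is tested by the added `ifeq ($(GOHOSTOS),darwin)`, but nothing in this hunk, which starts at line 1 of the Makefile, defines it before the conditional. Unless the variable arrives from the environment, the comparison is against an empty string and `SED_CMD` stays `sed` on macOS as well. Make evaluates `ifeq` while parsing, so a definition further down the file would come too late. Consider adding `GOHOSTOS?=$(shell go env GOHOSTOS)` above the conditional.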
@@ -4,6 +4,12 @@ set -o errexit set -o nounset set -o pipefail +rm -rf multiclusterhub-operator + +git clone --depth 1 --branch "release-$ACM_VERSION" https://github.com/stolostron/multiclusterhub-operator.git + + +# update CRDs CRD_FILES="./multiclusterhub-operator/pkg/templates/crds/grc/policy.open-cluster-management.io_placementbindings.yaml ./multiclusterhub-operator/pkg/templates/crds/grc/policy.open-cluster-management.io_policies.yaml ./multiclusterhub-operator/pkg/templates/crds/grc/policy.open-cluster-management.io_policyautomations.yaml 
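Review bot: The added `git clone --depth 1 --branch "release-$ACM_VERSION"` takes whatever the tip of the upstream release branch is at run time, so the sync is not reproducible and cannot be traced back to a reviewed upstream commit. That matters here because the files copied from the clone further down are CRDs, RBAC rules and a Deployment template. Consider checking out a pinned commit, or at least recording the one that was synced, e.g. the output of `git -C multiclusterhub-operator rev-parse HEAD` in the commit message. The same applies to the `backplane-$MCE_VERSION` clone added in the next hunk. The script continues outside this hunk.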
@@ -12,25 +18,62 @@ CRD_FILES="./multiclusterhub-operator/pkg/templates/crds/grc/policy.open-cluster ./multiclusterhub-operator/pkg/templates/crds/multicloud-operators-subscription/apps.open-cluster-management.io_placementrules_crd_v1.yaml " -GRC_CMA_FILES="./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/config-policy-clustermanagementaddon.yaml +for f in $CRD_FILES +do + cp $f ./policy/crds/ +done + + +# update grc sub-chart +#cp ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/Chart.yaml ./policy/charts/grc/ +#cp ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/values.yaml ./policy/charts/grc/ + +GRC_FILES="./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/config-policy-clustermanagementaddon.yaml ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/governance-policy-framework-clustermanagementaddon.yaml " +# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-clusterrole.yaml +# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-clusterrolebinding.yaml +# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-policy-addon-role.yaml +# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-policy-addon-rolebinding.yaml +# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-policy-addon-clusterrole.yaml +# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-policy-addon-clusterrolebinding.yaml +# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-policy-addon-sa.yaml +# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-role.yaml +# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-rolebinding.yaml +# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-sa.yaml +# " -rm -rf multiclusterhub-operator -git clone --depth 1 --branch "release-$ACM_VERSION" 
https://github.com/stolostron/multiclusterhub-operator.git +for f in $GRC_FILES +do + cp $f ./policy/charts/grc/templates/ +done +# update cluster-lifecycle sub-chart +#cp ./multiclusterhub-operator/pkg/templates/charts/toggle/cluster-lifecycle/Chart.yaml ./policy/charts/cluster-lifecycle/ +#cp ./multiclusterhub-operator/pkg/templates/charts/toggle/cluster-lifecycle/values.yaml ./policy/charts/cluster-lifecycle/ -for f in $CRD_FILES -do - cp $f ./acm-addons/crds/ -done +CLUSTER_LIFECYCLE_FILES="./multiclusterhub-operator/pkg/templates/charts/toggle/cluster-lifecycle/templates/klusterlet-addon-role.yaml +./multiclusterhub-operator/pkg/templates/charts/toggle/cluster-lifecycle/templates/klusterlet-addon-role_binding.yaml +./multiclusterhub-operator/pkg/templates/charts/toggle/cluster-lifecycle/templates/klusterlet-addon-deployment.yaml" -for f in $GRC_CMA_FILES +for f in $CLUSTER_LIFECYCLE_FILES do - cp $f ./acm-addons/charts/grc/templates/ + cp $f ./policy/charts/cluster-lifecycle/templates/ done - rm -rf multiclusterhub-operator + +# update e2e mce chart + +rm -rf backplane-operator + +git clone --depth 1 --branch "backplane-$MCE_VERSION" https://github.com/stolostron/backplane-operator.git + +cp ./backplane-operator/config/crd/bases/multicluster.openshift.io_multiclusterengines.yaml ./e2e/mce-chart/crds/ +cp ./backplane-operator/config/rbac/role.yaml ./e2e/mce-chart/templates/clusterrole.yaml + +$SED -i 's/multicluster-engine-operator-role/multicluster-engine-operator/' ./e2e/mce-chart/templates/clusterrole.yaml + +rm -rf backplane-operator \ No newline at end of file diff --git a/policy/charts/cluster-lifecycle/Chart.yaml b/policy/charts/cluster-lifecycle/Chart.yaml index 14c67b5..ad40e4f 100644 --- a/policy/charts/cluster-lifecycle/Chart.yaml +++ b/policy/charts/cluster-lifecycle/Chart.yaml 
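Review bot: `$SED` is only set when the script is started through the Makefile, which exports it. Run directly, `set -o nounset` aborts at the `$SED -i` line after the chart files have already been overwritten, and the `backplane-operator` clone is left on disk. Defaulting it near the top with `SED="${SED:-sed}"` keeps the script usable on its own, and `trap 'rm -rf multiclusterhub-operator backplane-operator' EXIT` would clean up on any failure path. The loop bodies also pass `$f` unquoted; `cp "$f" ./policy/crds/` is the safer form.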
@@ -1,6 +1,9 @@ +# Copyright (c) 2024 Red Hat, Inc. +# Copyright Contributors to the Open Cluster Management project + apiVersion: v1 appVersion: 2.12.0 -version: 2.12.0 description: Helm chart for deploying the cluster lifecycle kubeVersion: ">=1.11.0-0" name: cluster-lifecycle +version: 2.12.0 diff --git a/policy/charts/cluster-lifecycle/templates/deployment.yaml b/policy/charts/cluster-lifecycle/templates/klusterlet-addon-deployment.yaml similarity index 52% rename from policy/charts/cluster-lifecycle/templates/deployment.yaml rename to policy/charts/cluster-lifecycle/templates/klusterlet-addon-deployment.yaml index 072dd43..125442e 100644 --- a/policy/charts/cluster-lifecycle/templates/deployment.yaml +++ b/policy/charts/cluster-lifecycle/templates/klusterlet-addon-deployment.yaml @@ -1,13 +1,16 @@ +# Copyright Contributors to the Open Cluster Management project + apiVersion: apps/v1 kind: Deployment metadata: + name: klusterlet-addon-controller-v2 + namespace: {{ .Values.global.namespace }} labels: app: klusterlet-addon-controller-v2 - app.kubernetes.io/name: klusterlet-addon-controller component: klusterlet-addon-controller - name: klusterlet-addon-controller-v2 - namespace: {{ .Values.global.namespace }} + app.kubernetes.io/name: klusterlet-addon-controller spec: + minReadySeconds: 0 replicas: {{ .Values.hubconfig.replicaCount }} selector: matchLabels: 
@@ -15,13 +18,23 @@ spec: component: klusterlet-addon-controller template: metadata: - creationTimestamp: null labels: app: klusterlet-addon-controller-v2 - app.kubernetes.io/name: klusterlet-addon-controller + ocm-antiaffinity-selector: "klusterletaddon" component: klusterlet-addon-controller - ocm-antiaffinity-selector: klusterletaddon + app.kubernetes.io/name: klusterlet-addon-controller spec: + {{- if .Values.global.pullSecret }} + imagePullSecrets: + - name: {{ .Values.global.pullSecret }} + {{- end }} + serviceAccountName: klusterlet-addon-controller-v2 + hostNetwork: false + hostPID: false + hostIPC: false + terminationGracePeriodSeconds: 60 + securityContext: + runAsNonRoot: true affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: 
@@ -36,46 +49,38 @@ spec: - arm64 podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: + - weight: 70 + podAffinityTerm: + topologyKey: topology.kubernetes.io/zone labelSelector: matchExpressions: - key: ocm-antiaffinity-selector operator: In values: - klusterletaddon - topologyKey: topology.kubernetes.io/zone - weight: 70 - - podAffinityTerm: + - weight: 35 + podAffinityTerm: + topologyKey: kubernetes.io/hostname labelSelector: matchExpressions: - key: ocm-antiaffinity-selector operator: In values: - klusterletaddon - topologyKey: kubernetes.io/hostname - weight: 35 + {{- with .Values.hubconfig.tolerations }} + tolerations: + {{- range . }} + - {{ if .Key }} key: {{ .Key }} {{- end }} + {{ if .Operator }} operator: {{ .Operator }} {{- end }} + {{ if .Value }} value: {{ .Value }} {{- end }} + {{ if .Effect }} effect: {{ .Effect }} {{- end }} + {{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }} + {{- end }} + {{- end }} containers: - - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + - name: klusterlet-addon-controller image: "{{ .Values.global.imageOverrides.klusterlet_addon_controller }}" - imagePullPolicy: IfNotPresent - name: klusterlet-addon-controller - resources: - limits: - cpu: 500m - memory: 2Gi - requests: - cpu: 50m - memory: 96Mi + imagePullPolicy: {{ .Values.global.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: 
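Review bot: `imagePullPolicy: {{ .Values.global.pullPolicy }}` reads a key that the cluster-lifecycle `values.yaml` changed in this commit does not define under `global`. Unless the parent chart's globals supply it, the field renders empty and the previous explicit `IfNotPresent` is lost. A default in the template, `imagePullPolicy: {{ .Values.global.pullPolicy | default "IfNotPresent" }}`, or a `pullPolicy` entry in the sub-chart values would make the result deterministic. `.Values.hubconfig.hubVersion` in the last hunk of this file appears to be undefined in the same way. The parent `policy/values.yaml` is only partly visible in this patch, so the key may already be set there.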
@@ -83,19 +88,36 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: ClusterFirst - imagePullSecrets: - - name: open-cluster-management-image-pull-credentials - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsNonRoot: true - serviceAccount: klusterlet-addon-controller-v2 - serviceAccountName: klusterlet-addon-controller-v2 - terminationGracePeriodSeconds: 60 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/infra - operator: Exists + resources: + requests: + memory: "96Mi" + cpu: "50m" + limits: + memory: "2Gi" + cpu: "500m" + env: + - name: WATCH_NAMESPACE + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: klusterlet-addon-controller + - name: HUB_VERSION + value: {{ .Values.hubconfig.hubVersion }} + - name: USE_SHA_MANIFEST + value: "true" + - name: DEFAULT_IMAGE_PULL_SECRET + value: {{ .Values.global.pullSecret }} + - name: DEFAULT_IMAGE_REGISTRY + value: {{ .Values.global.imageRepository }} + - name: ADDON_CLUSTERROLE_PREFIX + value: "open-cluster-management:addons:" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- with .Values.hubconfig.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/policy/charts/cluster-lifecycle/templates/clusterrole.yaml b/policy/charts/cluster-lifecycle/templates/klusterlet-addon-role.yaml similarity index 96% rename from policy/charts/cluster-lifecycle/templates/clusterrole.yaml rename to policy/charts/cluster-lifecycle/templates/klusterlet-addon-role.yaml index d36d9b6..6b1370b 100644 --- a/policy/charts/cluster-lifecycle/templates/clusterrole.yaml +++ b/policy/charts/cluster-lifecycle/templates/klusterlet-addon-role.yaml 
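Review bot: The env values for `HUB_VERSION`, `DEFAULT_IMAGE_PULL_SECRET` and `DEFAULT_IMAGE_REGISTRY` are rendered unquoted, and container env values must be strings. A hub version such as 2.12 would be parsed as a float, and an unset `pullSecret` (the sub-chart default is `null`) leaves a bare `value:`, which is null rather than an empty string. Rendering them as `value: {{ .Values.hubconfig.hubVersion | default "" | quote }}` covers both cases. The toleration fields templated in the previous hunk (`key`, `operator`, `value`, `effect`) are unquoted in the same way.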
@@ -1,3 +1,5 @@ +# Copyright Contributors to the Open Cluster Management project + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/policy/charts/cluster-lifecycle/templates/clusterrolebinding.yaml b/policy/charts/cluster-lifecycle/templates/klusterlet-addon-role_binding.yaml similarity index 81% rename from policy/charts/cluster-lifecycle/templates/clusterrolebinding.yaml rename to policy/charts/cluster-lifecycle/templates/klusterlet-addon-role_binding.yaml index e7d2c77..08a6c1e 100644 --- a/policy/charts/cluster-lifecycle/templates/clusterrolebinding.yaml +++ b/policy/charts/cluster-lifecycle/templates/klusterlet-addon-role_binding.yaml @@ -1,3 +1,5 @@ +# Copyright Contributors to the Open Cluster Management project + kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -9,7 +11,7 @@ metadata: subjects: - kind: ServiceAccount name: klusterlet-addon-controller-v2 - namespace: {{ .Values.global.namespace }} + namespace: '{{ .Values.global.namespace }}' roleRef: kind: ClusterRole name: open-cluster-management:klusterlet-addon-controller-v2 diff --git a/policy/charts/cluster-lifecycle/templates/serviceaccount.yaml b/policy/charts/cluster-lifecycle/templates/klusterlet-addon-service_account.yaml similarity index 100% rename from policy/charts/cluster-lifecycle/templates/serviceaccount.yaml rename to policy/charts/cluster-lifecycle/templates/klusterlet-addon-service_account.yaml diff --git a/policy/charts/cluster-lifecycle/values.yaml b/policy/charts/cluster-lifecycle/values.yaml index 448b4e5..7b4025e 100644 --- a/policy/charts/cluster-lifecycle/values.yaml +++ b/policy/charts/cluster-lifecycle/values.yaml 
@@ -1,8 +1,14 @@ global: imageOverrides: - klusterlet_addon_controller: "" - - namespace: multicluster-engine - + klusterlet_addon_controller: '' + templateOverrides: {} + namespace: '' + pullSecret: null + imageRepository: '' + hubSize: Small hubconfig: + nodeSelector: null + proxyConfigs: {} replicaCount: 1 + tolerations: [] +org: open-cluster-management diff --git a/policy/charts/grc/Chart.yaml b/policy/charts/grc/Chart.yaml index 5bf54d8..274efe0 100644 --- a/policy/charts/grc/Chart.yaml +++ b/policy/charts/grc/Chart.yaml @@ -1,5 +1,13 @@ +# Copyright (c) 2024 Red Hat, Inc. +# Copyright Contributors to the Open Cluster Management project + apiVersion: v1 appVersion: 2.12.0 -version: 2.12.0 -description: A Helm chart for multicloud policy +description: A Helm chart for multicloud grc +category: "Development" +keywords: + - acm + - grc name: grc +verified: "RHACM" +version: 2.12.0 diff --git a/policy/charts/grc/templates/grc-clusterrole.yaml b/policy/charts/grc/templates/grc-clusterrole.yaml index 5319f54..3afd021 100644 --- a/policy/charts/grc/templates/grc-clusterrole.yaml +++ b/policy/charts/grc/templates/grc-clusterrole.yaml @@ -1,7 +1,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: open-cluster-management:grc:clusterrole + name: {{ .Values.org }}:grc:clusterrole + namespace: {{ .Values.global.namespace }} + labels: + app: grc rules: - apiGroups: - tower.ansible.com @@ -58,9 +61,9 @@ rules: - list - watch - apiGroups: - - authentication.k8s.io + - 'authentication.k8s.io' resources: - - tokenreviews + - 'tokenreviews' verbs: - create - apiGroups: @@ -94,3 +97,9 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create diff --git a/policy/charts/grc/templates/grc-clusterrolebinding.yaml b/policy/charts/grc/templates/grc-clusterrolebinding.yaml index 1c290a0..2ed6013 100644 --- a/policy/charts/grc/templates/grc-clusterrolebinding.yaml 
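Review bot: `namespace: {{ .Values.global.namespace }}` is added to the metadata of a ClusterRole in `grc-clusterrole.yaml`. A ClusterRole is cluster-scoped, so the field has no effect and suggests a scoping that does not exist. I would drop the line here and in the ClusterRoleBinding metadata in `grc-clusterrolebinding.yaml`, where the same line is added. The `app: grc` label is fine to keep.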
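Review bot: The new rule at the end of `grc-clusterrole.yaml` grants `create` on `serviceaccounts/token` in a ClusterRole with no `resourceNames`. The bound `grc-sa` account can therefore request tokens for any service account in any namespace, including ones more privileged than itself. If the controller only needs tokens for specific accounts, restrict the rule with `resourceNames`, or move it to a namespaced Role in the namespace where those accounts live. If the cluster-wide grant is required, a comment above the rule naming the consumer would help the next reviewer, e.g. `# needed by <component> to mint tokens for <service account>`. The rules list continues outside the hunk.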
+++ b/policy/charts/grc/templates/grc-clusterrolebinding.yaml @@ -1,13 +1,17 @@ +# Copyright (c) 2020 Red Hat, Inc. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: open-cluster-management:grc:clusterrolebinding + name: {{ .Values.org }}:grc:clusterrolebinding + namespace: {{ .Values.global.namespace }} + labels: + app: grc roleRef: - apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: open-cluster-management:grc:clusterrole + name: {{ .Values.org }}:grc:clusterrole + apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - name: grc-sa - namespace: {{ .Values.global.namespace }} - \ No newline at end of file + - kind: ServiceAccount + name: grc-sa + namespace: {{ .Values.global.namespace }} diff --git a/policy/charts/grc/templates/policyaddon-clusterrole.yaml b/policy/charts/grc/templates/grc-policy-addon-clusterrole.yaml similarity index 100% rename from policy/charts/grc/templates/policyaddon-clusterrole.yaml rename to policy/charts/grc/templates/grc-policy-addon-clusterrole.yaml diff --git a/policy/charts/grc/templates/policyaddon-clusterrolebinding.yaml b/policy/charts/grc/templates/grc-policy-addon-clusterrolebinding.yaml similarity index 100% rename from policy/charts/grc/templates/policyaddon-clusterrolebinding.yaml rename to policy/charts/grc/templates/grc-policy-addon-clusterrolebinding.yaml diff --git a/policy/charts/grc/templates/grc-policy-addon-role.yaml b/policy/charts/grc/templates/grc-policy-addon-role.yaml index c7cd898..a43ecbf 100644 --- a/policy/charts/grc/templates/grc-policy-addon-role.yaml +++ b/policy/charts/grc/templates/grc-policy-addon-role.yaml @@ -3,6 +3,8 @@ kind: Role metadata: name: grc-grc-policy-addon-role namespace: {{ .Values.global.namespace }} + labels: + app: grc rules: - apiGroups: - "" diff --git a/policy/charts/grc/templates/grc-policy-addon-rolebinding.yaml b/policy/charts/grc/templates/grc-policy-addon-rolebinding.yaml index 6969942..96788c8 100644 
--- a/policy/charts/grc/templates/grc-policy-addon-rolebinding.yaml +++ b/policy/charts/grc/templates/grc-policy-addon-rolebinding.yaml @@ -1,12 +1,15 @@ -apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: grc-grc-policy-addon-rolebinding namespace: {{ .Values.global.namespace }} + labels: + app: grc roleRef: - apiGroup: rbac.authorization.k8s.io kind: Role name: grc-grc-policy-addon-role + apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - name: grc-policy-addon-sa + - kind: ServiceAccount + name: grc-policy-addon-sa diff --git a/policy/charts/grc/templates/grc-policy-addon-sa.yaml b/policy/charts/grc/templates/grc-policy-addon-sa.yaml index 70339db..5e04afb 100644 --- a/policy/charts/grc/templates/grc-policy-addon-sa.yaml +++ b/policy/charts/grc/templates/grc-policy-addon-sa.yaml @@ -1,5 +1,11 @@ + apiVersion: v1 kind: ServiceAccount metadata: name: grc-policy-addon-sa namespace: {{ .Values.global.namespace }} + labels: + app: grc + component: "ocm-policy-addon-ctrl" + app.kubernetes.io/instance: grc + app.kubernetes.io/name: grc diff --git a/policy/charts/grc/templates/grc-role.yaml b/policy/charts/grc/templates/grc-role.yaml index 09261c0..6b0b9da 100644 --- a/policy/charts/grc/templates/grc-role.yaml +++ b/policy/charts/grc/templates/grc-role.yaml @@ -1,8 +1,12 @@ +# Copyright (c) 2020 Red Hat, Inc. apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: grc-grc-role namespace: {{ .Values.global.namespace }} + labels: + app: grc + component: "ocm-grc-role" rules: - apiGroups: - "" diff --git a/policy/charts/grc/templates/grc-rolebinding.yaml b/policy/charts/grc/templates/grc-rolebinding.yaml index 287ad5e..a0dd8de 100644 --- a/policy/charts/grc/templates/grc-rolebinding.yaml +++ b/policy/charts/grc/templates/grc-rolebinding.yaml 
@@ -1,12 +1,17 @@ -apiVersion: rbac.authorization.k8s.io/v1 +# Copyright (c) 2020 Red Hat, Inc. kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: grc-grc-rolebinding namespace: {{ .Values.global.namespace }} + labels: + app: grc + component: "ocm-grc-rolebinding" roleRef: - apiGroup: rbac.authorization.k8s.io kind: Role name: grc-grc-role + apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - name: grc-sa + - kind: ServiceAccount + name: grc-sa + \ No newline at end of file diff --git a/policy/charts/grc/templates/grc-sa.yaml b/policy/charts/grc/templates/grc-sa.yaml index d228bd6..65e54c7 100644 --- a/policy/charts/grc/templates/grc-sa.yaml +++ b/policy/charts/grc/templates/grc-sa.yaml @@ -1,6 +1,10 @@ +# Copyright (c) 2020 Red Hat, Inc. + apiVersion: v1 kind: ServiceAccount metadata: name: grc-sa namespace: {{ .Values.global.namespace }} - \ No newline at end of file + labels: + app: grc + component: "ocm-grc-sa" diff --git a/policy/charts/grc/values.yaml b/policy/charts/grc/values.yaml index f26c935..c92ef75 100644 --- a/policy/charts/grc/values.yaml +++ b/policy/charts/grc/values.yaml @@ -1,12 +1,20 @@ +# Copyright (c) 2020 Red Hat, Inc. + global: imageOverrides: governance_policy_propagator: "" governance_policy_addon_controller: "" + cert_policy_controller: "" config_policy_controller: "" governance_policy_framework_addon: "" - - namespace: multicluster-engine - + templateOverrides: {} + namespace: "" + pullSecret: null + pullPolicy: Always + hubSize: Small hubconfig: + nodeSelector: null + proxyConfigs: {} replicaCount: 1 - \ No newline at end of file + tolerations: [] +org: open-cluster-management diff --git a/policy/crds/policy.open-cluster-management.io_placementbindings.yaml b/policy/crds/policy.open-cluster-management.io_placementbindings.yaml index 1186155..3eab953 100644 --- a/policy/crds/policy.open-cluster-management.io_placementbindings.yaml 
+++ b/policy/crds/policy.open-cluster-management.io_placementbindings.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: placementbindings.policy.open-cluster-management.io spec: group: policy.open-cluster-management.io diff --git a/policy/crds/policy.open-cluster-management.io_policies.yaml b/policy/crds/policy.open-cluster-management.io_policies.yaml index 896bff4..53f4e2d 100644 --- a/policy/crds/policy.open-cluster-management.io_policies.yaml +++ b/policy/crds/policy.open-cluster-management.io_policies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: policies.policy.open-cluster-management.io spec: group: policy.open-cluster-management.io diff --git a/policy/crds/policy.open-cluster-management.io_policyautomations.yaml b/policy/crds/policy.open-cluster-management.io_policyautomations.yaml index d6a0e3f..2a5ed4d 100644 --- a/policy/crds/policy.open-cluster-management.io_policyautomations.yaml +++ b/policy/crds/policy.open-cluster-management.io_policyautomations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: policyautomations.policy.open-cluster-management.io spec: group: policy.open-cluster-management.io @@ -116,6 +116,7 @@ spec: type: string required: - automationDef + - eventHook - mode - policyRef type: object diff --git a/policy/crds/policy.open-cluster-management.io_policysets.yaml b/policy/crds/policy.open-cluster-management.io_policysets.yaml index cf28359..542bbb5 100644 --- a/policy/crds/policy.open-cluster-management.io_policysets.yaml 
+++ b/policy/crds/policy.open-cluster-management.io_policysets.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: policysets.policy.open-cluster-management.io spec: group: policy.open-cluster-management.io diff --git a/policy/values.yaml b/policy/values.yaml index 3571b12..7be2ab4 100644 --- a/policy/values.yaml +++ b/policy/values.yaml @@ -14,7 +14,7 @@ global: # governance_policy_framework_addon: "registry.redhat.io/rhacm2/acm-governance-policy-framework-addon-rhel9@sha256:a4880f6e82d2b82606203ea855d0418bb29b3d4535f8bc7a9ef4074258c18674" # klusterlet_addon_controller: "registry.redhat.io/rhacm2/klusterlet-addon-controller-rhel9@sha256:478e3e6cda0d74f43b0f05911d023344108a5cd79d57d5cc9f268ad064848a00" namespace: multicluster-engine - + pullSecret: open-cluster-management-image-pull-credentials grc: hubconfig: replicaCount: 2